Hacker News | reddalo's comments

Me too. I'm starting to self-host more and more services for both me and my family, and I wonder what would happen should I meet a bus in a front-facing way.

In other words: never put sensitive information in names and metadata.

Or name them after Little Bobby Tables.

Is there some sort of injection that's a legal host name?


DNS naming rules for non-Unicode are letters, numbers, and hyphens only, and the hyphens can't start or stop the domain. Unicode is implemented on top of that through punycode. It's possible a series of bugs would allow you to punycode some sort of injection character through into something, but it would require a chain of faulty software. Not an impossibly long chain of faulty software by any means, but a chain rather than just a single vulnerability. Punycode encoders are supposed to leave ASCII characters as ASCII characters, which means ASCII characters illegal in DNS can't be made legal by punycoding them legally. I checked the spec and I don't see anything for a decoder rejecting something that jams one in, but I also can't tell if it's even possible to encode a normal ASCII character; it's a very complicated spec. Things that receive that domain ought to reject it, if it is possible to encode it. And then it still has to end up somewhere vulnerable after that.

Rules are just rules. You can put things in a domain name which don't work as hostnames. Really the only place this is enforced by policy is at the public registrar level. The only place I've run into it at the code level is in a SCADA platform blocking a CNAME record (which followed "legal" hostname rules) pointing to something which didn't. The platform uses jython / python2 as its scripting layer; it's java; it's a special real-time java: plenty of places to look for what goes wrong, I didn't bother.

People should know that they should treat the contents of their logs as unsanitized data... right? A decade ago I actually looked at this in the context of a (commercial) passive DNS, and it appeared that most of the stuff which wasn't a "valid" hostname was filtered before it went to the customers.
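A defensive check that ties the two points above together (the LDH rules plus what an `xn--` label actually decodes to, and treating hostnames that reach your logs as unsanitized), as an added example that is not part of any comment in the thread; the function names and sample hostnames are constructed for illustration:

```python
import re
import unicodedata
from typing import List, Optional

# Added example, not from the thread. The regex is the LDH rule described
# above: letters, digits and hyphens, no hyphen at either end, 1-63 chars.
LDH_LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def check_label(label: str) -> Optional[str]:
    """Return None if the label is acceptable, otherwise a short reason."""
    if not LDH_LABEL.match(label):
        return "not letters/digits/hyphens, hyphen at an end, or bad length"
    if not label.startswith("xn--"):
        return None
    # Decode the A-label with Python's RFC 3492 codec. Its decoder starts at
    # code point 0x80 and only ever counts upward, so the part after the last
    # hyphen cannot produce an ASCII character; any ASCII in the result came
    # from the basic part, which the LDH check above has already constrained.
    try:
        decoded = label[4:].encode("ascii").decode("punycode")
    except UnicodeError:
        return "xn-- label is not valid punycode"
    for ch in decoded:
        cat = unicodedata.category(ch)
        # C* (controls, format chars, unassigned) and Z* (separators) have no
        # business in a hostname and are exactly what confuses logs and UIs.
        if cat[0] in "CZ":
            return "decoded label contains U+%04X (%s)" % (ord(ch), cat)
    return None


def check_hostname(name: str) -> List[str]:
    """Return the problems found; an empty list means the name is clean."""
    problems = []
    if len(name) > 253:
        problems.append("name longer than 253 characters")
    for label in name.lower().rstrip(".").split("."):
        reason = check_label(label)
        if reason:
            problems.append("%r: %s" % (label, reason))
    return problems


def log_safe(name: str) -> str:
    """Escape non-printable characters so a hostname cannot forge log lines."""
    return "".join(c if c.isprintable() else "\\u%04x" % ord(c) for c in name)
```

Run `check_hostname` on a name before it is stored or logged, and pass whatever you do log through `log_safe`; a rejected name is worth logging (escaped) precisely because it is the interesting case.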


I'm so happy I didn't buy a NAS, Synology or not. I think a proper computer running Linux gives me so much more flexibility.

That's still a NAS.

Agree. In general, the whole Microsoft "Admin" panel is utter garbage. Messy, slow, with ten different interfaces. Finding something without Googling it first is impossible.

I'm still super mad at Google+ because it was clearly the cause of Google Reader being killed.

That's when I started losing trust in Google as a company.


They could have led the way to a social web using Google Reader.

Make a Disqus-like comment section that shows the comments in RSS articles from Reader.

Also Reddit, by empowering the GReader Groups capabilities.

But no, let's copy Facebook and force everybody on it. And kill Google Talk while at it.

I'll never forgive Google for that.


You can _almost_ do anything you want in the privacy of your home; but in this case Twitter was actively and directly disseminating pictures publicly on their platform.

And profiting from it, though less directly than "$ for illegal images". Even if it wasn't behind a paywall (which it mostly is) driving more traffic for more ads for more income is still profiting from illegal imagery.

Exactly. If AI really worked, they would've released a native app. And it wouldn't take much to also get a Windows and a Linux native app, would it?

Apparently, the Codex app itself is proof that AI is not that good at doing what people think it does.


I've been using the Thomson Google TV Streaming Stick. It's cheap (~40 euros) and it works surprisingly well for what it is. It's sold in Europe, but I think you can find the same product in the US at Walmart, rebranded as Onn+ Streaming Device.

It's not as powerful as an Nvidia Shield, of course, but at least it's not a random product from Temu riddled with spyware.


Not sure how it compares, but Xiaomi TV Box S is similarly priced. It's physically bigger (slightly), which somehow comforts me a bit.

I would suspect, it being a Google product, that it also is riddled with spyware.

It's not made by Google, it's just certified. So it must have the same amount of spyware that the Nvidia Shield has (which we all know is not zero).

I'm not trying to defend Wikipedia at all costs, but you should also think about how much spam and trolling would happen on their platform if they didn't have these annoying blocks for non-registered users.

I run a pretty simple SaaS with a free tier and the amount of spam that I have to manage is high; I don't want to even imagine how difficult it must be to run a website where anybody can edit pretty much anything.


I honestly think that the search feature of Immich is better than Google Photos.

Maaaybe AI-based searches like "cat on a red car" are better on Google (but I wouldn't bet my life on it), but Immich applies the exact filters that I want (Google is too fuzzy).

Also, unlike Google, Immich doesn't censor your searches, so I can look up naked pictures or photos of gorillas, and actually see the results.

